Analysis
Category FILE
Started On 2014-06-26 04:39:21
Completed On 2014-06-26 04:41:48
Duration 147 seconds
Cuckoo Version 1.2-dev

Machine
Label machine1
Manager VirtualBox
Started On 2014-06-26 04:39:21
Shutdown On 2014-06-26 04:41:48

File Details

File name Tax_76534597434804-335.pdf.exe
File size 98304 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
CRC32 FD4AACFB
MD5 c331f3e515712ba8691e77ae611f3bbf
SHA1 5bb96c7f48fbffeac5eab006c00fd5b6cc941845
SHA256 ba7bded2a6994039c980ac5a32ab13f6eb6f4ff84f50ae21d135bdde066e564a
SHA512 bc5025f0528b1a7501451619491f96cea8c659a26fc6deef4cfd30f47cae12623a39adac79cd3754cda76a219c0e636e4f4f9a13c9e7464da0efd5265bc42ce5
Ssdeep None
PEiD None matched
Yara None matched
VirusTotal Permalink
VirusTotal Scan Date: 2014-06-26 08:36:22
Detection Rate: 44/54

Signatures

No signatures matched

Screenshots

Static Analysis

Sections

Imports

Strings

Dropped Files

Nothing to display.

Network Analysis

Nothing to display.

Anomalies

  • unhook: Unhook detection thread has been corrupted! (pid=484, process=Tax_76534597434804-335.pdf.exe)

The monitor's hook-integrity watchdog thread inside PID 484 was terminated or overwritten, so the API trace for that process cannot be treated as a complete record. The empty Network Analysis and Dropped Files sections above therefore mean "nothing captured", not evidence that the sample was inactive.

Behavior Summary

Files
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\Tax_76534597434804-335.pdf.exe
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\TAX_76~1.EXE
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\ProgramFiles\Dvdmaker\Dvdmaer.EXE\\xc2\x90
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\E\:MYApp\.Exe
  • C:\myapp.exe
  • C:\WINDOWS\system32
  • *.dll
  • C:\
Mutexes
  • CTF.TimListCache.FMPDefaultS-1-5-21-1202660629-1606980848-1957994488-1003MUTEX.DefaultS-1-5-21-1202660629-1606980848-1957994488-1003
Registry Keys
  • HKEY_CURRENT_USER\software
  • HKEY_CURRENT_USER\software\
  • HKEY_CURRENT_USER\software\\Matrix
  • HKEY_CURRENT_USER\software\\Matrix\Recent File List
  • HKEY_CURRENT_USER\software\\Matrix\Settings
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • Matrix.Document
  • Matrix.Document\DefaultIcon
  • Matrix.Document\shell\open\command
  • Matrix.Document\shell\print\command
  • Matrix.Document\shell\printto\command
  • .max
  • HKEY_CLASSES_ROOT\.max\ShellNew
  • HKEY_USERS\S-1-5-21-1202660629-1606980848-1957994488-1003
  • HKEY_USERS\S-1-5-21-1202660629-1606980848-1957994488-1003\Control Panel\Desktop
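
The lists above are what a triage script consumes first. The following Python, an added example that is not part of this Cuckoo report or of the Cuckoo project, parses the Behavior Summary text (embedded below as a constructed copy of the Files, Mutexes and Registry Keys lists above) and separates indicators attributable to the sample from sandbox noise. The noise filters and flagging rules (double extensions, drops under Temp or at the drive root, non-printable bytes or stray colons in paths, CTF.* mutexes treated as Text Services Framework housekeeping, MFC-style profile keys and file-association keys) are this example's own heuristics, not Cuckoo signatures.

```python
"""Triage the Files / Mutexes / Registry Keys lists of a Cuckoo Behavior Summary."""
import re
from typing import Dict, List, NamedTuple, Optional


class Finding(NamedTuple):
    kind: str       # "file", "mutex" or "registry"
    indicator: str  # the path / mutex / key exactly as Cuckoo reported it
    reason: str     # why this example's heuristic flagged it


# Constructed input: the three lists from the report's Behavior Summary, copied as
# Cuckoo rendered them (including the escaped byte at the end of the Dvdmaker path).
SUMMARY = r"""
Files
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\Tax_76534597434804-335.pdf.exe
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\TAX_76~1.EXE
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\ProgramFiles\Dvdmaker\Dvdmaer.EXE\\xc2\x90
  • C:\DOCUME~1\mohn\LOCALS~1\Temp\E\:MYApp\.Exe
  • C:\myapp.exe
  • C:\WINDOWS\system32
  • *.dll
  • C:\
Mutexes
  • CTF.TimListCache.FMPDefaultS-1-5-21-1202660629-1606980848-1957994488-1003MUTEX.DefaultS-1-5-21-1202660629-1606980848-1957994488-1003
Registry Keys
  • HKEY_CURRENT_USER\software
  • HKEY_CURRENT_USER\software\
  • HKEY_CURRENT_USER\software\\Matrix
  • HKEY_CURRENT_USER\software\\Matrix\Recent File List
  • HKEY_CURRENT_USER\software\\Matrix\Settings
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
  • Matrix.Document
  • Matrix.Document\DefaultIcon
  • Matrix.Document\shell\open\command
  • Matrix.Document\shell\print\command
  • Matrix.Document\shell\printto\command
  • .max
  • HKEY_CLASSES_ROOT\.max\ShellNew
  • HKEY_USERS\S-1-5-21-1202660629-1606980848-1957994488-1003
  • HKEY_USERS\S-1-5-21-1202660629-1606980848-1957994488-1003\Control Panel\Desktop
"""

# Heuristics of this example (hypothetical rules), not Cuckoo signatures.
LURE_DOUBLE_EXT = re.compile(r"\.(pdf|doc|docx|xls|xlsx|ppt|jpg|png|txt|zip)\.(exe|scr|com|pif)$", re.I)
DRIVE_ROOT_BINARY = re.compile(r"^[A-Z]:\\[^\\]+\.(exe|dll|scr)$", re.I)
ESCAPED_BYTE = re.compile(r"\\x[0-9a-f]{2}", re.I)     # Cuckoo renders non-printable bytes as \xNN
USER_TEMP = re.compile(r"\\Temp\\", re.I)
# HKCU\Software\<vendor>\<app>\{Recent File List,Settings} is the key layout MFC's
# CWinApp::SetRegistryKey produces; an empty vendor shows up as a doubled backslash.
MFC_PROFILE = re.compile(r"^HKEY_CURRENT_USER\\software\\([^\\]*)\\([^\\]+)\\(Recent File List|Settings)$", re.I)
FILE_ASSOC = re.compile(r"(\\shell\\(open|print|printto)\\command|\\DefaultIcon|\\ShellNew)$|^\.[a-z0-9]+$", re.I)


def parse_summary(text: str) -> Dict[str, List[str]]:
    """Split the dump into {section name: [indicators]} using Cuckoo's bullet layout."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.lstrip().startswith("•"):
            if current is None:
                raise ValueError("indicator appears before any section header")
            sections[current].append(raw.lstrip()[1:].strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections


def classify_file(path: str) -> List[Finding]:
    # Wildcards, bare directories and drive roots are enumeration noise, not drops.
    if path.startswith("*") or path.endswith("\\") or "." not in path:
        return []
    out: List[Finding] = []
    if LURE_DOUBLE_EXT.search(path):
        out.append(Finding("file", path, "double extension: document-looking name with an executable suffix"))
    if DRIVE_ROOT_BINARY.match(path):
        out.append(Finding("file", path, "executable dropped at the drive root"))
    if USER_TEMP.search(path):
        out.append(Finding("file", path, "executable under the user's Temp directory"))
    if ESCAPED_BYTE.search(path):
        out.append(Finding("file", path, "non-printable bytes in the path (rendered by Cuckoo as \\x escapes)"))
    if ":" in path[2:]:  # a colon anywhere after the drive letter is not a normal Win32 path
        out.append(Finding("file", path, "colon inside a path component (malformed path or ADS-style name)"))
    return out


def classify_mutex(name: str) -> Optional[Finding]:
    # CTF.* mutexes belong to the Windows Text Services Framework and are created
    # in practically every GUI process, so they are not attributable to the sample.
    if name.startswith("CTF."):
        return None
    return Finding("mutex", name, "process-created mutex (candidate infection marker)")


def classify_registry(key: str) -> Optional[Finding]:
    m = MFC_PROFILE.match(key)
    if m:
        vendor, app = m.group(1) or "<empty>", m.group(2)
        return Finding("registry", key, f"MFC application profile key (vendor {vendor!r}, app {app!r})")
    if FILE_ASSOC.search(key):
        return Finding("registry", key, "file-type association (ProgID / extension) registration")
    return None  # common reads such as Session Manager or Control Panel\Desktop


def triage(text: str) -> List[Finding]:
    sections = parse_summary(text)
    findings: List[Finding] = []
    for path in sections.get("Files", []):
        findings.extend(classify_file(path))
    for name in sections.get("Mutexes", []):
        f = classify_mutex(name)
        if f:
            findings.append(f)
    for key in sections.get("Registry Keys", []):
        f = classify_registry(key)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SUMMARY):
        print(f"[{f.kind}] {f.indicator}\n    {f.reason}")
```

Run stand-alone it prints the flagged indicators with their reasons; everything the filters drop (the system32 directory, the `*.dll` wildcard, the `C:\` root, the CTF mutex, the plain HKCU\software reads) is exactly what would have to be stripped by hand before these lists could be turned into detection content.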

Processes


Tax_76534597434804-335.pdf.exe PID: 484, Parent PID: 288 (initial sample process)

Tax_76534597434804-335.pdf.exe PID: 1932, Parent PID: 484 (second instance of the sample, launched by PID 484)

Volatility

Nothing to display.